I remember adrian and hans having a converstaion on the dev list about this. some weeks ago.
BJ Freeman sent the following on 9/21/2008 2:29 AM: > I validated you findings on the demo server. > I compared the security permission for the group and see no difference > so I assume the security permission for the user login has been changed > since > svn 691430 > but I don't have time to check it out the commit list as to when or how. > > > Bruno Busco sent the following on 9/21/2008 2:09 AM: >> I may be blind, >> I am trying also with https://demo.hotwaxmedia.com/mypage using user >> DemoEmployee >> I can't find the edit userlogin button. >> -Bruno >> >> 2008/9/21 BJ Freeman <[EMAIL PROTECTED]> >> >>> My understanding of Dev is if it has to do with changing the design of >>> ofbiz >>> I may be wrong but this sounds more like a bug. >>> that could be dev but I see as user >>> I am open to a clarification. >>> :D >>> my permission is MYPAGE_EMPLOYEE only. >>> So only mypage and projects show when the user logs in. >>> I am taken to the My page. >>> I click on profile >>> then edit userlogin >>> when I click on save i get no error messages. >>> >>> this is with svn 691430 >>> >>> >>> Bruno Busco sent the following on 9/21/2008 12:50 AM: >>>> Hi BJ, >>>> I have created a new user and given him the following permission: >>>> CATALOG_VIEW, MYPAGE_EMPLOYEE, OFBTOOLS_VIEW, ORDERMGR_VIEW >>>> >>>> the UI button to go the editlogin is not present anywhere. >>>> if I put the url https://localhost:8443/mypage/control/editloginmanually I >>>> get the screen but I get a getUserPreferences service error when I press >>> the >>>> "save" button. >>>> >>>> I switch, as suggested, the thread back to the user ML but I definetely >>>> think its a dev issue ;-) >>>> >>>> Thank you, >>>> Bruno >>>> >>>> >>>> ---------- Forwarded message ---------- >>>> From: BJ Freeman <[EMAIL PROTECTED]> >>>> Date: 2008/9/21 >>>> Subject: Re: Question -- How does a normal user change there own >>> password?? >>>> To: [email protected] >>>> Cc: [EMAIL PROTECTED] >>>> >>>> >>>> a user that has the permissions to see their profile can change their >>>> password thru >>>> https://localhost:8443/mypage/control/editlogin >>>> and be able to access this thru >>>> https://localhost:8443/mypage/control/main >>>> the user has to have mypage permission. >>>> I just tested this. >>>> Note: they can not change their permissions. >>>> Should be on the user mailing list >>>> >>>> >>>> Bruno Busco sent the following on 9/20/2008 10:45 PM: >>>>> Hi Philip, >>>>> has there been any improvement on this? >>>>> I need the "change my password" feature for standard backend users (non >>>>> admin) and I wonder if it has been decided how to implement it. >>>>> Thank you, >>>>> -Bruno >>>>> >>>>> >>>>> >>>>> ---------- Forwarded message ---------- >>>>> From: Jacques Le Roux <[EMAIL PROTECTED]> >>>>> Date: 2008/8/21 >>>>> Subject: Re: Question -- How does a normal user change there own >>>> password?? >>>>> To: [email protected], "Philip W. Dalrymple III" <[EMAIL PROTECTED]> >>>>> >>>>> >>>>> I guess they are aware now... >>>>> >>>>> >>>>> Jacques >>>>> >>>>> From: "Philip W. Dalrymple" <[EMAIL PROTECTED]> >>>>> >>>>>> Understood >>>>>> How do I get in touch with Hans and Adrain, this is an area that >>>>>> I might be able to add a small bit of manpower to but don't want >>>>>> to either step on toes or re-invent the wheel on. >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>>> To: [email protected] >>>>>> Sent: Thursday, August 21, 2008 8:05:43 AM GMT -05:00 US/Canada Eastern >>>>>> Subject: Re: Question -- How does a normal user change there own >>>> password?? >>>>>> your are right it is something that is just being address. there is not >>>>>> a lot of manpower to move it forward fast >>>>>> currently Hans and Adrain are the ones that are involved in it. >>>>>> I am more from a interested party but not involved. >>>>>> The My page has profile info on it. >>>>>> you just have to remove the permission for partymager from those that >>>>>> you don't want to have access. >>>>>> But there are other companies i have worked for that want everyone to >>>>>> see everything. >>>>>> so it is more once the installation goes in how security will be >>> handled. >>>>>> Philip W. Dalrymple sent the following on 8/21/2008 4:53 AM: >>>>>> >>>>>>> I found the place in party (user name edit). >>>>>>> >>>>>>> I would think that, for most internal (backoffice) user, this is >>>>>>> not a place that the admin would want to allow access even to there >>>>>>> own login. I would think that most users would NOT have access to the >>>>>>> user login edit rights even if they can modify other "party" data and >>>>>>> I would think that most internal users would not have general party >>> edit >>>>>>> rights (they might change party data via other interfaces that are >>> more >>>>>>> limited). >>>>>>> >>>>>>> Am I missing something or is this just a place that has not been >>> worked >>>>>>> on in OfBiz much yet. >>>>>>> >>>>>>> I do note that in the "banner" at the top right there are two items >>> that >>>>>>> I would expect to be a part of the "users profile", time zone, and >>>>>>> language. >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>> From: "Jacques Le Roux" <[EMAIL PROTECTED]> >>>>>>> To: [email protected] >>>>>>> Sent: Wednesday, August 20, 2008 9:30:34 AM GMT -05:00 US/Canada >>> Eastern >>>>>>> Subject: Re: Question -- How does a normal user change there own >>>>>>> password?? >>>>>>> >>>>>>> This is done in the person's profile (in Party) in "User Name(s)" >>>> section >>>>>>> : edit on login line >>>>>>> >>>>>>> Jacques >>>>>>> >>>>>>> From: "Philip W. Dalrymple" <[EMAIL PROTECTED]> >>>>>>> To: <[email protected]> >>>>>>> Sent: Wednesday, August 20, 2008 2:50 PM >>>>>>> Subject: Re: Question -- How does a normal user change there own >>>>>>> password?? >>>>>>> >>>>>>> >>>>>>> I was not thinking about customers, (we would only have "backend" >>>> users) >>>>>>>> for a internal users who needs to change there password (say because >>> of >>>>>>>> company rules or just because they want to) should there be a way for >>>>>>>> them to change passwords? >>>>>>>> >>>>>>>> (I tend to use the term "internal" user to refer to people who work >>>>>>>> for the company who runs the system) >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>> From: "BJ Freeman" <[EMAIL PROTECTED]> >>>>>>>> To: [email protected] >>>>>>>> Sent: Wednesday, August 20, 2008 7:37:06 AM GMT -05:00 US/Canada >>>> Eastern >>>>>>>> Subject: Re: Question -- How does a normal user change there own >>>>>>>> password?? >>>>>>>> >>>>>>>> There was, at on time, an added dialog on the login, that allow the >>>> user >>>>>>>> to request a new login if they had lost it. >>>>>>>> a "customer" can not access the back end except for order status. >>>>>>>> there has been talk on the dev list about letting the "customer" use >>>> the >>>>>>>> new mypage feature that give them access to their profile. >>>>>>>> this, at this time, is not the case. >>>>>>>> >>>>>>>> Philip W. Dalrymple sent the following on 8/20/2008 3:46 AM: >>>>>>>> >>>>>>>>> I am looking at OfBiz (current SVN head or as of a few days ago) >>>>>>>>> and don't see how a normal user is supposed to change there password >>>>>>>>> >>>>>>>>> I see in the party section where a admin can change the password and >>>>>>>>> found that when a user is created the admin creating the user can >>>> force >>>>>>>>> a password change on the user but I can't find how a normal (non >>>> admin) >>>>>>>>> user is supposed to change there own password. >>>>>>>>> >>>>>>>>> Also there does not appear to be a way for the admin to re-set a >>> users >>>>>>>>> password and then force them to change there password the next time >>>> the >>>>>>>>> user logs in (except via the "Entity Engine Tools" in the web tools >>>>>>>>> app. >>>>>>>>> >>>>>>>>> Am I just missing something or is this a missing bit of OfBiz? >>>>>>>>> >>>>>>>>> >>>>>>>> -- >>>>>>>> This email, and any files transmitted with it, is confidential and >>>>>>>> intended solely for the use of the individual or entity to whom they >>>> are >>>>>>>> addressed. If you have received this email in error, please advise >>>>>>>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. >>>>>>>> >>>>>>>> New MDT Software Headquarters (As of July 1, 2008): >>>>>>>> 3480 Preston Ridge Road >>>>>>>> Suite 450 >>>>>>>> Alpharetta, GA 30005 >>>>>>>> >>>>>>>> >>>>>>>> Philip W. Dalrymple III <[EMAIL PROTECTED]> >>>>>>>> MDT Software - The Change Management Company >>>>>>>> +1 678 297 1001 >>>>>>>> Fax +1 678 297 1003 >>>>>>>> >>>>>>>> >>>>>> -- >>>>>> This email, and any files transmitted with it, is confidential and >>>> intended >>>>>> solely for the use of the individual or entity to whom they are >>>> addressed. >>>>>> If you have received this email in error, please advise >>>>>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. >>>>>> >>>>>> New MDT Software Headquarters (As of July 1, 2008): >>>>>> 3480 Preston Ridge Road >>>>>> Suite 450 >>>>>> Alpharetta, GA 30005 >>>>>> >>>>>> >>>>>> Philip W. Dalrymple III <[EMAIL PROTECTED]> >>>>>> MDT Software - The Change Management Company >>>>>> +1 678 297 1001 >>>>>> Fax +1 678 297 1003 >>>>>> >>>>>> >>> > > > >
